US Senators Raise Alarms About China’s New Encryption Law

WASHINGTON—U.S. lawmakers are increasingly concerned about China’s new cybersecurity rules that put U.S. companies at risk of losing sensitive data.

In October 2019, China passed a law that took effect on Jan. 1 to
regulate cryptography in the country. The new legislation is the latest
in a series of cybersecurity measures that Beijing has been rolling out
in recent years to control data and communications within the country.

The
new rules are potentially alarming, as foreign companies operating in
China won’t be able to keep their data secret from the Chinese communist
regime.

Sen. Rick Scott (R-Fla.) who is closely watching recent moves by Beijing, urged U.S. companies to stop working with the regime.

The
new law is the latest instrument the Chinese regime is using “to steal
U.S. technology, intellectual property, and personal data,” Scott’s
office told The Epoch Times in an email.

“Senator Scott has been
clear that American businesses, hospitals, and universities must be
vigilant and proactive when it comes to the threat of Communist China,
and should stop doing business with the regime.”

Companies use encryption
technology to protect the confidentiality of information transmitted
and stored on networks. No foreign company, however, will be able to
encrypt its data or communication if China enforces the new rules.

Scott,
who’s an outspoken critic of the Beijing regime, earlier warned that
Communist China’s goal is “to control the entire world.”

“I think all of us have to understand if we give data to China, they can use it against us,” he told CNBC on Nov. 18, 2019.

“We
have to be absolutely clear we are not going to do business with China
and let them have our information,” he said, calling for a wider
decoupling— loosening of trade and economic ties—of the United States
and China.

According to author and China expert Gordon Chang,
Beijing’s goal is to control all communications, data, and other
information stored in electronic form that belong to foreign companies.

No
information would be kept secret if China enforces the new rules, he
said, as the companies would have to turn over encryption keys and might
be prohibited from using virtual private networks (VPNs) to circumvent
the rules.

In
addition, the Chinese regime may freely share the trade secrets of
those foreign companies with China’s state-controlled enterprises, he
warned.

Chang believes that a bill introduced by Sen. Josh Hawley (R-Mo.) will help counter the new threat.

If Hawley’s bill becomes law, he said, it would mean that U.S. companies would effectively have to leave China.

In
November 2019, the Missouri Republican introduced the measure, the
National Security and Data Protection Act of 2019, which prevents U.S.
firms from transferring user data or encryption keys to China. The
proposed bill also prohibits U.S. companies from storing data in China.

Others who have signed on to the bill are Sens. Marco Rubio (R-Fla.) and Tom Cotton (R-Ark.).

“Current
law makes it far too easy for hostile foreign governments like China to
access Americans’ sensitive data,” Hawley said in a statement. “Chinese
companies with vast amounts of personal data on Americans are required
by Chinese law to provide that data to Chinese intelligence services.”

Hawley
raised concerns about Beijing’s potential influence because of the
popular Chinese-owned TikTok social media platform that allows users to
share videos, and Apple’s decision regarding iCloud encryption keys in
China, calling them national security threats.

To comply with new Chinese laws, Apple announced in 2018 that it would transfer management of its Chinese iCloud data
to a local state-owned firm in China. The tech company also stated it
would store iCloud encryption keys for Chinese users within China,
raising concerns about government access.

“Chinese law allows the
Communist Party to seize data from American companies operating in China
whenever it wants, for whatever reason it wants,” Hawley stated. “This
legislation takes crucial steps to stop Americans’ sensitive data from
falling into the hands of hostile foreign governments.”

Beijing
has been implementing policies to govern data, including data
localization, which forces both foreign and Chinese entities to store
their data locally. The latest encryption law now governs how the data
can be accessed by the regime.

U.S. firms don’t know exactly how
these laws will be implemented and enforced. If the rules are enforced
to the maximum extent, it will have significant repercussions for
companies operating in China, experts warned.